Re: [tlug] B Flets blocks port 25?

["Stephen J. Turnbull" <stephen@example.com>]

Curt Sampson writes:
 > On 2008-06-02 16:17 +0900 (Mon), Stephen J. Turnbull wrote:
 > 
 > > Could you describe the failure mode?
 > 
 > Yes. I see no replies whatsoever except from the final hop.

OK, that is indeed a pretty total failure.  I dunno if there's a
definition of expensive NAT algorithm in the RFCs, I'm not sure I can
complain about this.

 > Ah, dnat:
 > 
 >     New --dnat, --no-dnat (default), and --no-dnat-strict command line
 >     arguments.  --dnat enabled Destination NAT detection, which works by
 >     comparing the quoted IP address in an ICMP payload with the
 >     destination a probe packet was addressed to.
 > 
 > So perhaps it's confused by the fact that the fragment within the ICMP
 > response isn't being translated, and has not the computer's address, but
 > the address of the router.

Oh-yeah-oh-yeah.  My curiosity is satisfied (and my brain phoned home,
it'll be back on Saturday :-).